How Ransomware Works

Cybersecurity is a top concern for most businesses, and reports of cyber-attacks and data breaches are commonplace in today’s news headlines. One of the most important threats to pay attention to is ransomware. Unlike other cybersecurity threats that operate in the background and seek to remain undetected, ransomware is more straightforward. It focuses on its primary goal: getting your attention so you pay the financial demand.

What Is Ransomware and How Does It Spread?

Ransomware is malware that finds its way into your system, blocks access to your files and data, and demands payment in order to restore your access. The cybercriminal responsible for the ransomware infecting your computer has encrypted your files, adding extensions and essentially holding your data or network hostage until you pay the requested fee.
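The pattern described above, encrypted contents plus an extension added to the file name, is something a defender can sweep a file share for. The Python sketch below is an added example, not part of the original article; the extension list, the 7.5 bits-per-byte threshold, and the sample files are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter

KNOWN_DOC_EXTS = {".docx", ".xlsx", ".pdf", ".txt", ".jpg"}  # assumed document types
ENTROPY_THRESHOLD = 7.5  # assumed cut-off in bits per byte; ciphertext is near 8.0

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte (0.0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def appended_extension(name: str):
    """Return the extra suffix when it follows a known document extension."""
    stem, extra = os.path.splitext(name)
    inner = os.path.splitext(stem)[1].lower()
    return extra.lower() if extra and inner in KNOWN_DOC_EXTS else None

def scan(root: str, sample_size: int = 65536):
    """Return sorted (path, suffix, entropy) for renamed, high-entropy files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            suffix = appended_extension(name)
            if suffix is None:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    entropy = shannon_entropy(fh.read(sample_size))
            except OSError:
                continue  # unreadable file: skip it, keep sweeping
            if entropy >= ENTROPY_THRESHOLD:
                hits.append((path, suffix, round(entropy, 2)))
    return sorted(hits)

def demo():
    """Scan a constructed sample tree and return the flagged file names."""
    samples = {
        "notes.txt": b"quarterly plan\n" * 500,      # ordinary text
        "budget.xlsx.bak": b"a,b,c\n1,2,3\n" * 500,  # appended suffix, low entropy
        "report.docx.locked": os.urandom(65536),    # random bytes stand in for ciphertext
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [os.path.basename(p) for p, _s, _e in scan(root)]
```

Compressed archives such as report.docx.gz also score high, so hits from a sweep like this are leads to triage, not verdicts.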

Ransomware is spread through links and downloads that trick people into allowing access to their computer and network system. In many cases, the ransomware is sent via an email that appears to come from a legitimate source. Naturally, trusting the source, you click a link within the email or download an attachment, and that link or document contains the malicious ransomware code. Ransomware can also arrive through social media messages, links on compromised websites, unfamiliar USB drives, and similar routes.

Examples of Ransomware Attacks

In 2017, WannaCry attacked over 200,000 computers throughout the world within just days. This ransomware included a worm component that scanned for vulnerabilities and used them to get into major networks, which helped it affect many big organizations.

Another well-known ransomware attack was CryptoLocker, which was distributed in 2013, mostly through attachments in spam messages. When individuals downloaded this ransomware to their computers, they saw messages demanding money in exchange for the decryption keys that would open the files that CryptoLocker had sealed. Between 2013 and 2014, this ransomware infected more than 500,000 computers. CryptoLocker and the variations that evolved from it garnered more than $3 million in paid ransoms.

TeslaCrypt was very similar to CryptoLocker; the main difference is that it targeted files needed to play video games. The ransomware’s developers knew that their victims would do anything to keep their video game data, including downloaded maps, saved games, player profiles, game modifications, and more. So they encrypted those precious files and demanded bitcoin from the victims. As of 2016, TeslaCrypt accounted for nearly half of ransomware attacks. The good news is that, also in 2016, the creators of this ransomware made the decryption key public, allowing their victims to get their files back without paying the ransom.

Facts and Figures on Ransomware

It’s important to keep in mind just how much money cybercriminals collect from ransomware. Some statistics from trusted sources like CSO show that in 2017 alone, this type of cybercrime led to about $5 billion in losses—that’s fifteen times more than the total cost of losses in 2015.

So, who are the most likely ransomware victims? The healthcare industry has been a target in about 45% of cases. The financial services industry is another big target, as 90% of companies in this field were attacked by ransomware in 2017.

Experts have estimated that about 4,000 ransomware attacks are sent out every day, with a new attack being initiated about every 40 seconds. It’s also important to note that about 60% of small businesses have been targeted by ransomware. If you run a business, it’s important to protect yourself and your company from this type of attack. You can do so by looking into ransomware training for employees and following these steps:

Back up your system data frequently. This will ensure that you still have access to a version of your files if ransomware attacks your system.

Do not provide personal information when answering an email, unsolicited phone call, text message or instant message. Phishers will try to trick employees into installing malware. Be sure to contact your IT department if you or your coworkers receive suspicious calls.

Use reputable antivirus software and a firewall. Maintaining a strong firewall and keeping your security software up to date are critical.

Make sure that all systems and software are up to date. Regular patching of vulnerable software is necessary to help prevent infection.

If traveling, alert your IT department beforehand, especially if you’re going to be using public wireless Internet. Make sure you use a trustworthy Virtual Private Network (VPN) when accessing public Wi-Fi.

Contributors

Kirk Wright

VP of Marketing

Fearless marketing leader with 10 years of experience in the cloud security and compliance industry and an affinity for Waffles.